Denial of Service Vulnerability in Cisco ASR 5000 Software
CVE-2016-9216

5.3MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Asr 5000 Software
Vendor
CVE Published:
26 January 2017

Summary

A vulnerability exists in the ipsecmgr process of the Cisco ASR 5000 Software, where improper parsing of IKE packets can be exploited by an unauthenticated remote attacker. This could lead to a denial of service that causes the ipsecmgr process to reload unexpectedly, potentially impacting network operations and availability. The vulnerability affects multiple versions of the software, emphasizing the importance of applying security patches to mitigate risks.

Affected Version(s)

Cisco ASR 5000 Software Cisco ASR 5000 Software

References

http://www.securitytracker.com/id/1037652
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/95629
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.